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BUILD AN OPEN BANKING ENVIRONMENT THAT ADVANCES BUSINESS 


Open banking provides a new opportunity for banks to monetize the products, services, and data 
they already have, as well as gain new customers. In fact, nearly 20% of banks have already invested 
in open banking-related initiatives and 77% will do so by 2019.' Going beyond simply meeting regula- 
tions can help your organization surpass your competition and increase returns from your invest- 
ments. To do this, you need a flexible digital environment that connects third-party applications to 
your application programming interfaces (APIs) and banking systems of record without compromis- 
ing the security or operation of your systems. It should: 


e Allow authorized third-party applications to securely access data from your banking systems. 
e Protect your systems from security threats and excess traffic. 
e Track requests, audit use, and charge users and third-parties for use. 


e Enable modern development approaches that speed time to market for new products and 
services and improve developer productivity. 


e Monitor infrastructure health and services to identify and remediate issues before they 
impact users. 


e Handle large volumes of expected and unexpected traffic. 


Red Hat offers an open platform that includes API management, cloud infrastructure, containers, 
microservices, automation, and modern development tools to promote ongoing innovation and 
successful open banking initiatives. 


RED HAT'S MODULAR, INTEROPERABLE OPEN BANKING PLATFORM 


Using open systems and modern technologies, Red Hat can help you build a flexible, effective, 
security-focused open banking environment. 


OPEN PLATFORMS 


Open platforms are essential for creating effective open banking ecosystems. Red Hat's open source 
software stack provides key elements-like application services, containers, management, automa- 
tion, and connectivity-needed for open banking initiatives. Industry-standard interfaces and inte- 
gration between layers of the stack simplify interoperability between applications, APIs, and systems 
of record. Without vendor lock-in, you can move applications and services between infrastructures 
and cloud providers to optimize costs, improve performance, and meet growing demand. 


1 Accenture, “Capitalize on open banking trends,” October 2017. accenture.com/us-en/insight-open-banking-trends. 


2 McKinsey, “What it really takes to capture the value of APIs," September 2017. mckinsey.com/business-functions/ 
digital-mckinsey/our-insights/what-it-really-takes-to-capture-the-value-of-apis. 
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SECURITY FOCUS 


To protect your business and your clients, you need a continuous, integrated approach to security in 
your open banking environment. Red Hat builds advanced security features-like Security-Enhanced 
Linux® (SELinux), mandatory access controls, and container-based application isolation-into its 
products. Compliance with Payment Card Industry Data Security Standard (PCI-DSS), Defense 
Information Systems Agency Security Technical Implementation Guides (DISA STIGs), and Federal 
Information Processing Standards (FIPS) ensures your environment operates according to the latest, 
most stringent security standards. Integration between layers in the Red Hat® stack extends mili- 
tary-grade protection throughout your environment. 


Additionally, Red Hat's unique subscription model also gives you access to a dedicated team of 
experts who support Red Hat technology 24x7. For example, Red Hat Product Security issues fixes 
for most critical security issues within one day of discovery. 


Using a modular approach, Red Hat provides all of the capabilities needed to add open banking APIs 
to your products and services. Figures 1 and 2 show how Red Hat products work together to process 
API requests and streamline API development and improvements. 


API REQUEST PROCESS AND DATA FLOW 


APIs are at the core of open banking initiatives. Red Hat delivers innovative, tested, trusted compo- 
nents for each step in the API request and data delivery process. 


CONTAINER PLATFORM 


Containers simplify application and API deployment and portability across platforms. This eliminates 
the need to refactor services to launch them on different infrastructure and makes your environ- 
ment more efficient. 


An enterprise-grade container application platform, Red Hat OpenShift® provides services to 
containerized workloads and components. It delivers built-in security features for container-based 
applications—including role-based access controls (RBAC), SELinux-enabled isolation, and checks 
throughout the container build process—helping to safeguard your overall API environment. 


In this open banking platform, Red Hat OpenShift serves as the underlying container application 
platform. Red Hat 3scale API Management, Red Hat Fuse, Red Hat Single Sign-On, and Red Hat 
OpenShift Application Runtimes all run in containers within Red Hat OpenShift. 


3 TechValidate, survey of 85 Red Hat customers at financial services institutions conducted in April 2017. techvalidate. 
com/tvid/E4A-C3D-FA8. 


4 Learn more about Red Hat Product Security at access.redhat.com/security/overview. 
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Figure 1. API request process and data flow 


SECURITY AND AUTHENTICATION 


Security is always a key concern in financial services and you must ensure that only authorized 
applications and users access your data and systems. Access control is achieved through authentica- 
tion and identity management tools that integrate with your API management system: 


1. A third-party application sends an authorization request to your identity provider, according 
to the standard OpenID Connect protocol. 


2. Your identity provider system authenticates the request and returns a digitally signed 
JavaScript Object Notation (JSON) Web Token to the third-party application. 


3. The third-party application attaches the web token to the API request and sends it to your 
API management platform. 


4. Your API management platform contacts your identity provider to validate the authenticity 
of the token, and optionally the authorization, and forwards the API request to the appropriate 
banking systems of record and APIs. 


5 Accenture, “Capitalize on open banking trends,” October 2017. accenture.com/us-en/insight-open-banking-trends. 
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Included as part of Red Hat OpenShift, Red Hat Single Sign-On is an integrated identity provider 
solution that implements federated authentication for web applications, mobile applications, and 
RESTful web services. It is a core service that is delivered as a part of many Red Hat products 

and can be configured to use OpenID providers like Google, Facebook, Twitter, Github, Linkedin, 
Microsoft, or StackOverflow. Red Hat Single Sign-On also supports Kerberos logins and can federate 
existing Lightweight Directory Access Protocol (LDAP) or Active Directory systems. 


In this platform, Red Hat Single Sign-On provides authentication and identity services. The Istio 
service mesh can also be used to manage authentication, authorization, and communication encryp- 
tion between services within your environment. 


API MANAGEMENT 


Managing, securing, and monetizing your APIs is critical. An API management platform lets you 
monitor and control API use and throttle requests as needed to protect systems of record. They can 
also charge appropriate users and third-party application providers for use of valuable APIs. 


Red Hat 3scale API Management lets you share, secure, distribute, manage, and monetize your 
APIs on a centralized platform built for performance, customer control, and future growth. Whether 
in on-premise or cloud environments, a set of self-managed and cloud components provide traffic 
control, security, and access policy enforcement capabilities. Integration with Red Hat OpenShift 
lets you build, deploy, and scale high-performance, cloud-native applications and backends in a con- 
tained and automated way. Coordination with Red Hat Fuse lets business users, integration experts, 
and application developers create APIs easily and quickly. 


In this solution, Red Hat 3scale API Management provides a centralized point of control and man- 
agement for your API program. Istio can also be used in conjunction with Red Hat 3scale API 
Management to control the flow of traffic and API calls, apply policies, and monitor services from 
user application to internal system of record.’ 


APPLICATION RUNTIME SERVICE 


To make the most of the API ecosystem, your environment needs to be able to handle APIs written 
in many different languages and platforms. 


Included as part of Red Hat OpenShift, Red Hat OpenShift Application Runtimes is a collection of 
cloud-native runtimes for developing Java™ or JavaScript applications on OpenShift. It provides 
portability across multiple cloud infrastructures, allowing developers to use microservices, contain- 
ers, and DevOps automation to create new applications and APIs. 


In this solution, Red Hat OpenShift Applications Runtimes routes requests through the appropriate 
runtime service. 


API INTEGRATION WITH BANKING SYSTEMS 


An API integration tool serves as a connection point for your externally facing APIs and your internal 
banking APIs and systems of record. It transforms and directs incoming API requests to the appro- 
priate endpoint within your environment, allowing changes to systems of record without impacting 
externally facing services. 


6 Accenture, "Capitalize on open banking trends,” October 2017. accenture.com/us-en/insight-open-banking-trends. 


7 For more information on how Istio service mesh can be used in this solution, see itnext.io/ 
api-management-and-service-mesh-e7f0e686090e. 
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Red Hat Fuse is a distributed, cloud-native integration platform that enables integration experts, 
application developers, and business users to collaborate and independently develop connected 
solutions. A distributed approach and API-centric, container-based architecture decouples services 
so they can be created, extended, and deployed independently. With more than 200 included con- 
nected, you can integrate everything from legacy systems to Internet of Things (loT) devices into a 
single environment. 


In this solution, Red Hat Fuse converts incoming API requests and routes them to the appropriate 
banking API or system. 


API DEVELOPMENT AND IMPROVEMENT PIPELINE 


In fast-moving industries like financial services, agility is critical. You must be able to rapidly 
develop and modify APIs to adapt to changing market demands and new competitive offerings. 


A modern, container-based development and deployment platform can help you build, launch, 
and improve APIs and applications quickly and efficiently. Red Hat OpenShift helps you achieve 
this using a continuous integration and continuous delivery (CI/CD) pipeline. 


e Continuous integration. Developers write and integrate code into a shared repository 
multiple times a day. Each code check-in is verified by automated build and integration 
testing to detect problems early in the process. 


e Continuous delivery. Verified code is reviewed, staged, and moved to production ina 
repeatable process. 


Red Hat OpenShift includes build and delivery orchestration and automation so you can adopt 
CI/CD development approaches more easily. 
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Figure 2. Continuous integration and continuous delivery pipeline 
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DEPLOY FASTER WITH RED HAT SERVICES 


Red Hat Consulting offers services to help you build an open banking environment faster. Using 

a strategic solution delivery framework, Red Hat experts can provide assessment, planning, and 
implementation services to deploy one or more APIs quickly. These engagements typically include 
configuration of your environment, high-availability platform, and policies as well as integration with 
identity providers. Preconfigured open banking APIs, based on standard security policies and default 
API contracts, will also be available for you to use. 


CONCLUSION 


The move to open banking is inevitable. Deploying a flexible, interoperable open banking environ- 
ment can help you go beyond simply complying with regulations to create a platform for ongoing 
innovation and revenue generation. Red Hat's open, modular framework gives you all of the capabili- 
ties needed to build an agile, effective, security-focused infrastructure that adapts as your business 
and industry changes. 


Are you ready to move forward, faster? Start your trial of the Red Hat open banking platform today 
by registering at redhat.com/openbanking. 


8 Accenture, “Capitalize on open banking trends,” October 2017. accenture.com/us-en/insight-open-banking-trends. 
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